North Carolina Security Breach Reporting Form 
Pursuant to the Identity Theft Protection Act of 2005 

*lndicated a mandatory field 

*Name of the Company or Government Agency owning or licensing information affected by the entity experiencing 
breach: 

JONES & HALE, LLP D/B/A MORNINGSTAR LAW GROUP 


Entity Type: 
Address: 

Apt/ Suite/Building: 
City: 

State: 

Zip Code: 
Telephone: 

Fax: 

Email: 


GENERAL BUSINESS 

421 FAYETTEVILLE STREET 

STE 530 

RALEIGH 

NC 

27601 

(919) 829-4974 

CJACKSON@MORNINGSTARLAWGROUP.COM 


*Date Security breach Reporting Form Submitted: 
*Date the Security Breach was discovered: 

Breach Type: 

*Estimated number of affected individuals: 
*Estimated number of NC residents affected: 


08/25/2017 

05/18/2017 

HACKERS/ UNAUTHORIZED ACCESS 

5 

4 


Name of company or government agency maintaining or possessing information that was the subject of 
the Security Breach, if the agency that experienced the Security Breach is not the same entity as the 
agency reporting the Security Breach (pursuant to N.C.G.S. 75-65(b)) 


Describe the 
circumstances 
surrounding the 
Security Breach: 


WE DISCOVERED THAT AN UNAUTHORIZED "AUTOMATIC FORWARD" 
OF INCOMING EMAILS HAD BEEN ADDED TO ONE EMPLOYEE’S EMAIL 
ACCOUNT. A SUBSEQUENT INVESTIGATION AND FORENSIC 
EXAMINATION CLARIFIED THE ESTIMATED TIME FRAME. MOST OF THE 
FORWARDED EMAILS DID NOT CONTAIN PERSONAL INFORMATION; 
HOWEVER, AN EXTENSIVE INVESTIGATION AND REVIEW OF EMAILS 
DURING THE AFFECTED TIME PERIOD WAS REQUIRED TO IDENTIFY THE 
EMAILS THAT DID CONTAIN PERSONAL INFORMATION OF FIVE PEOPLE. 


Information Type: 


ACCOUNT # 

CC/DC 

SSN 


*Regarding YES 

information 

breached, if 

electronic, was the 

information 

protected in some 



manner: 


If YES, please THE EMAIL WAS IN A PASSWORD PROTECTED MICROSOFT OFFICE 365 

describe the EMAIL ACCOUNT. 

security measures 

protecting the 

information: 


*Describe any 
measures taken to 
prevent a similar 
Security Breach 
from occurring in 
the future: 


THE PASSWORDS ON ALL ACCOUNTS ON THE EXCHANGE SERVER 
WERE CHANGED; REGULAR MONITORING OF THE ACCOUNT SETTINGS 
(INCLUDING FORWARD COMMANDS); REGULAR SCANS FOR 
MALWARE; TRAINING EMPLOYEES ON PHISHING AND OTHER 
SECURITY THREATS; AND ENHANCED LOGGING FOR OFFICE 365. 


*Date affected NC 08/24/2017 
residents were/will 
be notified: 


Describe the circumstances surrounding the delay in notifying 
affected NC residents pursuant to N.C.G.S. 75-65 (a) and (c): 


THE FORENSIC INVESTIGATION 
AND REVIEW OF AFFECTED 
EMAILS TO DETERMINE WHAT, IF 
ANY, PERSONAL INFORMATION 
WAS COMPROMISED TOOK 
SEVERAL WEEKS. ONCE THE 
PERSONAL INFORMATION WAS 
DISCOVERED, WE PROMPTLY 
NOTIFIED THE AFFECTED 
INDIVIDUALS. 


If the delay was pursuant to a request from law enforcement pursuant to N.C.G.S. 75-65(c), please 
attach or mail the written request or the contemporaneous memorandum. 

How NC residents WRITTEN NOTICE 
were/will be 
notified? (pursuant 
to N.C.G.S. 75-65 

(e)): 

Please note if the business demonstrates that the cost of providing notice would 
exceed two hundred fifty thousand dollars ($250,000) or that the affected class of 
subject persons to be notified exceeds 500,000, or if the business does not have 
sufficient contact information or consent to satisfy subdivisions (1), (2), or (3) of 
this subsection, for only those affected persons without sufficient contact 
information or consent, or if the business is unable to identify particular affected 
persons, for only those unidentifiable affected persons. Substitute notice shall 
consist of all the following: 

• Email notice when the business has an electronic mail address for the 



subject persons 

• Conspicuous posting of the notice on the Web site page of the business, if 
one is maintained 

• Notification to major statewide media 


Please attach a copy of the notice if in written form or a copy of any scripted notice if in telephonic 
form. 


Contact Information ATTORNEY 

Affiliation with entity 
experiencing breach: 

Organization Name: MORNINGSTAR LAW GROUP 

Prefix: 

*First Name: CHRISTOPHER 


Middle Name: 
*Last Name: 
Suffix: 

Title: 

Address: 

Apt/ Suite/building: 
City: 

State: 

*Telephone: 

Email: 


JACKSON 

PARTNER 

421 FAYETTEVILLE STREET 

STE 530 

RALEIGH 

NC Zip Code: 27601 

(919) 829-4974 Fax: 

CJACKSON@MORNINGSTARLAWGROUP.COM 



A MORNINGSTAR 

"TyC LAW GROUP 


Mack Paul | Partner 
421 Fayetteville Street, Suite 530 
Raleigh, NC 27601 

919-590-0377 

mpaul@morningstarlawgroup.com 

www.morningstarlawgroup.com 


August_, 2017 


Dear_: 

I am writing to let you know about a recent data security incident involving our firm which may 
have resulted in the disclosure of some of your personal information. 

What Happened : 

We discovered that an unauthorized "automatic forward" of incoming emails had been added to 
my Morningstar Law Group email account. Thus, for a period of time, information sent to my 
email account was forwarded to an unauthorized external email address. 

As soon as we discovered this issue, we took immediate measures to resolve the situation and are 
satisfied that it is, in fact, resolved. We immediately terminated the auto-forward command, 
changed all passwords, and had our IT company conduct a thorough review of all of the firm's 
email accounts. We also had an outside forensics expert conduct an investigation of the nature 
and scope of the breach and an analysis of the email account. We then reviewed all emails that 
were likely forwarded, and identified emails containing personal information of five people 
(including one email that contained the personal information described below) that may have been 
among the forwarded emails. 

What Information Was Involved : 

When we reviewed the emails that were improperly forwarded, we found an email that included 

[a tax form containing [your social security number][_’s social security number]] [a 

copy of a personal check made out from you to the firm] [a sponsorship form containing your 
credit card information]. 


We are not aware of any attempts to use the information contained in these emails for any improper 
purpose to date. 
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What We Are Doing : 

Morningstar Law Group respects the privacy of its clients, colleagues, and business partners, and 
the confidentiality of your infonnation. We have strengthened our security protocols and 
implemented additional security measures (including additional monitoring, scans, and training 
and enhanced logging for Office 365) to prevent a recurrence of such an attack and to protect the 
privacy and confidentiality of our information moving forward. 

What You Can Do : 

The attachment to this letter provides infonnation on steps you can take to protect yourself 
against identity theft. Please read the attached steps you can take to protect your personal 
information. 

In addition, we would like to offer you a year of credit monitoring at our cost. Please contact our 
firm administrator, Amanda Walsh at 919-590-0386 for the details of this service and 
information on how to enroll. 

We appreciate the confidential nature of the information involved and we deeply regret that this 
incident occurred. If you have any questions, please contact Amanda or me. 


Sincerely, 

Morningstar Law Group 


Mack Paul 
Partner 


4848-0596-4363, V. 1 
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STEPS YOU CAN TAKE TO PROTECT YOUR PERSONAL INFORMATION 

■ Review Your Account Statements and Notify Law Enforcement of Suspicious Activity 

As a precautionary measure, we recommend that you remain vigilant by reviewing your account 
statements and credit reports closely. If you detect any suspicious activity on an account, you 
should promptly notify the financial institution or company with which the account is maintained. 
You also should promptly report any fraudulent activity or any suspected incidence of identity 
theft to proper law enforcement authorities, your state attorney general, and/or the Federal 
Trade Commission (FTC). You have the right to obtain a police report regarding the breach. 

To file a complaint with the FTC, go to www.ftc.gov/idtheft , or call 1-877-ID-THEFT (877-438- 
4338). Complaints filed with the FTC will be added to the FTC’s Identity Theft Data 
Clearinghouse, which is a database made available to law enforcement agencies. 


■ Copy of Credit Report 

You may obtain a free copy of your credit report from each of the three major credit reporting 
agencies once every 12 months by visiting https://www.annualcreditreport.com , calling toll-free 
877-322-8228, or by completing an Annual Credit Report Request Form and mailing it to Annual 
Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348. You can print a copy of 
the request form at https://www.annualcreditreport.com/cra/requestformfinal.pdf . Or you can 
elect to purchase a copy of your credit report by contacting one of the three national credit 
reporting agencies. Contact information for the three national credit reporting agencies for the 
purpose of requesting a copy of your credit report or for general inquiries is provided below: 


Equifax 

(800) 685-1111 
www.equifax.com 
P.O. Box 740241 
Atlanta, GA 30374 


Experian 
(888) 397-3742 
www.experian.com 
535 Anton Blvd., Suite 100 
Costa Mesa, CA 92626 


TransUnion 
(800) 916-8800 
www.transunion.com 
P.O. Box 6790 
Fullerton, CA 92834 


■ Fraud Alert 


You may want to consider placing a fraud alert on your credit report. An initial fraud alert is free 
and will stay on your credit file for at least 90 days. The alert informs creditors of possible 
fraudulent activity within your report and requests that the creditor contact you prior to 
establishing any accounts in your name. To place a fraud alert on your credit report, contact any 
of the three credit reporting agencies identified above. Additional information is available at 
https://www.annualcreditreport.com/index.action . 


■ Security Freeze 

In many states, including North Carolina, you have the right to put a security freeze on your 
credit file. This will prevent new credit from being opened in your name without the use of a PIN 
number that is issued to you when you initiate the freeze. A security freeze is designed to 
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prevent potential creditors from accessing your credit report without your consent. As a result, 
using a security freeze may interfere with or delay your ability to obtain credit. You must 
separately place a security freeze on your credit file with each credit reporting agency. 
Additionally, if you request a security freeze from a consumer reporting agency there may be a 
fee up to $5 to place, lift or remove the security freeze. In order to place a security freeze, you 
may be required to provide the consumer reporting agency with information that identifies you 
including your full name, Social Security number, date of birth, current and previous addresses, 
a copy of your state-issued identification card, and a recent utility bill, bank statement or 
insurance statement. 

■ Additional Free Resources on Identity Theft 

You may wish to review the tips provided by the Federal Trade Commission on how to avoid 
identity theft. For more information, please visit http://www.ftc.gov/idtheft or call 1-877-ID- 
THEFT (877-438-4338). A copy of Taking Charge: What to Do if Your Identity is Stolen, a 
comprehensive guide from the FTC to help you guard against and deal with identity theft, can 
be found on the FTC’s website at: http://www.ftc.gov/bcp/edu/pubs/consumer/idtheft/idt04.shtm . 
You may also contact the North Carolina Attorney General’s Office for additional information 
about protecting yourself from identity theft: http://ncdoi.gov/Protect-Yourself/2-4-3-Protect- 
Your-ldentitv.aspx or call 1-877-5-NO-SCAM (1-877-566-7226) or (919)716-6000. 
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